1. Field of the Invention
The present invention relates to a data input/output technique, and particularly to a technique for input/output of encrypted data, which is to be kept secret, between a storage device and a host device.
2. Description of the Related Art
As a contents data distribution system with improved security of license data, a contents data distribution system disclosed in Japanese Patent Application Laid-open No. 2004-133654 is known, for example. With such a system, the devices handling the license data in the non-encrypted form are classified into three kinds of devices, i.e., a server, a memory card (storage device), and a decoder (user device). Transmission/reception of the license data is performed between the devices (between the server and the storage device, or between the storage device and the user device) through an encrypted communication path established therebetween. Note that each of the recording device, the storage device, and the user device includes a TRM (Tamper Resistant Module) for handling the license data in the non-encrypted form.
With establishment of the encrypted communication path, first, a device providing license data (which will be referred to as “license provider”) transmits a certificate including a public key to a device receiving the license data (which will be referred to as “license receiver”). Then, the license provider verifies the certificate of the license receiver. Only in a case that the verification has determined that the certificate is valid and that the certificate is not listed in the certificate revocation list, key sharing is performed between the two devices using the public key included in the certificate. Then, the license provider encrypts the license data using the key provided from the license receiver as a result of key sharing, and transmits the license data thus encrypted to the license receiver.
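The gating described above, as an added example that is not part of the original document: the provider shares a key and encrypts license data only after the receiver's certificate passes both the validity check and the revocation-list check. It assumes the certificate being checked is the license receiver's, as the verification step states; all names are hypothetical, an HMAC stands in for the certificate authority's public-key signature, and a toy ElGamal-style exchange stands in for the key sharing.

```python
import hashlib, hmac, secrets

# Constructed toy parameters for illustration only; not secure for real use.
P = 2**127 - 1                    # prime modulus of the toy group
G = 3
CA_KEY = b"constructed-ca-key"    # assumption: HMAC stands in for the CA signature

def issue_cert(serial, pubkey):
    body = f"{serial}:{pubkey}".encode()
    sig = hmac.new(CA_KEY, body, hashlib.sha256).digest()
    return {"serial": serial, "pubkey": pubkey, "sig": sig}

def cert_valid(cert):
    body = f"{cert['serial']}:{cert['pubkey']}".encode()
    expected = hmac.new(CA_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert["sig"])

def keystream_xor(key, data):
    # SHA-256 in counter mode as a toy stream cipher (no integrity protection).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def session_key(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def provide_license(cert, crl, license_data):
    """Provider side: refuse before any key sharing if either check fails."""
    if not cert_valid(cert):
        raise PermissionError("certificate invalid")
    if cert["serial"] in crl:
        raise PermissionError("certificate revoked")
    r = secrets.randbelow(P - 2) + 1
    # Key sharing uses the public key carried in the verified certificate.
    key = session_key(pow(cert["pubkey"], r, P))
    return pow(G, r, P), keystream_xor(key, license_data)

def receive_license(private_key, ephemeral_pub, ciphertext):
    """Receiver side: derive the same key from its private key and decrypt."""
    key = session_key(pow(ephemeral_pub, private_key, P))
    return keystream_xor(key, ciphertext)
```
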
The TRM is a circuit module which physically protects the security thereof. The TRM has a configuration which restricts access from other circuits, except through the encrypted communication path.
Note that in a case of acquisition of the license data, the memory card, which is mounted to a terminal having a function of communication with the server, receives the license data from the server through the terminal. On the other hand, in a case of using contents, the memory card, which is mounted to the terminal including a built-in decoder, transmits the license data to the decoder through the terminal.
As described above, such a contents distribution service provides encryption of the contents data and security of the license data, thereby ensuring copyright protection with regard to the contents. Such ensuring of the contents copyright protection protects the right of the copyright holder of the contents. This provides a reliable contents distribution system which allows the user to add new contents to the lineup for contents distribution with high security, thereby meeting the needs of the user over a wider range.
As described above, with conventional contents distribution systems, there is no need to give consideration to security as far as the server device, which is the license providing device, is concerned. Even if a fake server device, i.e., a spoofing server device, records faked license data on a storage device which is a license receiver, such recording does not mean that leakage of contents will occur. That is to say, such spoof recording does not infringe on the right of the contents copyright holder. The same can be said of reproduction. That is to say, even if a spoofing storage device, i.e., a spoofing license provider, provides fake license data to a user device which is a license receiver, legitimate encoded contents data is not reproduced. That is to say, such a spoofing license providing device does not lead to infringement of the right of the contents copyright holder through leakage of contents.
Now, let us say that the license providing device is a recorder having a function of digital recording of video signals or video data using the copyright protection function. A contents data distribution system including such a recorder must be designed giving consideration to risk from a recorder with breached security (in a case that the security of an authorized recorder is breached due to a certain reason) or a spoofing recorder. In general, recorders receive contents data which is to be recorded, through broadcasting or line input (RCF terminal, S terminal, IEEE1394, and so forth). Such contents must be recorded while keeping protection factors determined beforehand for each input method, recording conditions multiplexed with the contents data signal, and so forth. Any recorder which does not satisfy these conditions should be considered to be a device with insufficient security for protecting the right of the contents copyright holder. Since it is almost impossible to completely prevent such license providing devices with insufficient security from providing such unauthorized license data, the storage device, which is a license receiver, should be designed so as to have a function of rejecting such unauthorized license data. In the same way, the user device should be designed so as to have a function of rejecting such unauthorized license data provided from a storage device with insufficient security or a spoofing storage device.
The present invention has been made in view of the above problems, and accordingly, it is an object thereof to provide a recording device and a host device having a function of input/output of confidential data in an encrypted form which allows input/output of contents data with high security in a sure manner.